EddieThePro Posted May 17, 2015

Okay, so this may sound like an incredibly nooby question, but what's stopping us from just deleting everything in 'Temp'? Are things stored in there important? Surely it should be filled with replaceable files seeing as the folder is quite literally named 'Temporary'? I've got around 3GB of stuff inside that folder and wouldn't mind deleting some of it? Sorry if this is f*cking stupid. I'm usually smarter than this, promise

Some of the files are used by software/programs that are running

Cheers, I'll stay safe and avoid it for the time being. Regarding your picture: I think that's fine. Mine consists of 'Administrator - ASPNET - Guest - [My Name]

Thanks mate! Really appreciate it! Have a wonderful Sunday!

Smiley992 Posted May 17, 2015

So, I did that net user thing with CMD, and it came up with this. http://sv.tinypic.com/view.php?pic=2nvgkrk&s=8#.VVitRvntnGA Everything is in the picture

Don't worry sir, it's okay. The only problem is if another name is written under your name; the Guest thing is fine.

Okay, so this may sound like an incredibly nooby question, but what's stopping us from just deleting everything in 'Temp'? Are things stored in there important? Surely it should be filled with replaceable files seeing as the folder is quite literally named 'Temporary'? I've got around 3GB of stuff inside that folder and wouldn't mind deleting some of it? Sorry if this is f*cking stupid. I'm usually smarter than this, promise

Temp folder is like the Trash of the PC. Just delete it all, and delete prefetch files as well. Don't worry, deleting Temp does not delete anything important related to your PC files or anything else, so it's alright.

MarshallRawR Posted May 17, 2015

So, I did that net user thing with CMD, and it came up with this. http://sv.tinypic.com/view.php?pic=2nvgkrk&s=8#.VVitRvntnGA Everything is in the picture

Guest is an account you can enable or not if someone wants to use your computer without a password but with limited privileges. They can't access your files either.

Eagle1001 Posted May 17, 2015

Could someone tell me if it stole files? I really need to know.

BKnight Posted May 17, 2015

So, I did that net user thing with CMD, and it came up with this. http://sv.tinypic.com/view.php?pic=2nvgkrk&s=8#.VVitRvntnGA Everything is in the picture

Don't worry sir, it's okay. The only problem is if another name is written under your name; the Guest thing is fine.

Okay, so this may sound like an incredibly nooby question, but what's stopping us from just deleting everything in 'Temp'? Are things stored in there important? Surely it should be filled with replaceable files seeing as the folder is quite literally named 'Temporary'? I've got around 3GB of stuff inside that folder and wouldn't mind deleting some of it? Sorry if this is f*cking stupid. I'm usually smarter than this, promise

Temp folder is like the Trash of the PC. Just delete it all, and delete prefetch files as well. Don't worry, deleting Temp does not delete anything important related to your PC files or anything else, so it's alright.

Yeah, I eventually established this after a quick Google search... Just threw it all in the Recycling Bin. But thanks! I'd recommend it to anyone who is still wary about the virus and any files they could've missed

sir_cormac_thunderguts Posted May 17, 2015

Probable security fix in Windows 10 (correct me if I'm not). If you have Windows 10 (beta), you shouldn't be affected. I had kept my antivirus and firewall off anyways. Hope this helps. Here are some images. I couldn't find a value in my registry.

Zhuocheng Tan Posted May 17, 2015

Probable security fix in Windows 10 (correct me if I'm not). If you have Windows 10 (beta), you shouldn't be affected. I had kept my antivirus and firewall off anyways. Hope this helps. Here are some images. I couldn't find a value in my registry.

I couldn't find it on 8.1

MarshallRawR Posted May 17, 2015

The value in the registry made the virus start up again at each boot. Better check your temp folders and quarantine to be safe.

MPowell Posted May 17, 2015

Well where were these files downloaded from, who hosted them? It is not that hard to put a name on the coward/thief/imbecile who did this...

bocodamondo Posted May 17, 2015

Can anyone help me, I accidentally downloaded the angry plane mod (I don't even own GTA5). When I clicked on it, I was like meh, and just left it there in my Downloads folder as a ZIP file. After I found out about this, I immediately went and deleted the file and cleared my trashcan... does it install the malware when it's still a ZIP/RAR file? I tried to scan my PC for a Fade.exe or Init.exe and the only ones with those names I found are a few init files in games like Legend of Korra, DMC4, Resident Evil Revelations, RE6, Bully... but those were all like init.arc or init.bnk... no init.exe. The only "fade" files I found are some fade.nft in Bully... that's it. No Fade.exe. I scanned my downloads folder with both Avira antivirus and it said it's clean, and I'm currently scanning it with SUPERAntiSpyware and Malwarebytes. There's also no fade or init in my temp folder. I really want to know if there's a chance I get the virus without extracting it out of the ZIP/RAR file, so I can go and change all my passwords.

Igor Bogdanoff Posted May 17, 2015

Nope, you have to load into game with asi loader and that asi installed

MonsieurSamuel Posted May 17, 2015

Can anyone help me, I accidentally downloaded the angry plane mod (I don't even own GTA5). When I clicked on it, I was like meh, and just left it there in my Downloads folder as a ZIP file. After I found out about this, I immediately went and deleted the file and cleared my trashcan... does it install the malware when it's still a ZIP/RAR file? I tried to scan my PC for a Fade.exe or Init.exe and the only ones with those names I found are a few init files in games like Legend of Korra, DMC4, Resident Evil Revelations, RE6, Bully... but those were all like init.arc or init.bnk... no init.exe. The only "fade" files I found are some fade.nft in Bully... that's it. No Fade.exe. I scanned my downloads folder with both Avira antivirus and it said it's clean, and I'm currently scanning it with SUPERAntiSpyware and Malwarebytes. There's also no fade or init in my temp folder. I really want to know if there's a chance I get the virus without extracting it out of the ZIP/RAR file, so I can go and change all my passwords.

No chance that you're affected. The virus-downloading script is only executed when the .asi file is inside GTA's root folder and you've run the game with the .asi inside. You're fine.

TheMuffinManOP Posted May 17, 2015

"Can anyone help me, I accidentally downloaded the angry plane mod (I don't even own GTA5). When I clicked on it, I was like meh, and just left it there in my Downloads folder as a ZIP file. After I found out about this, I immediately went and deleted the file and cleared my trashcan... does it install the malware when it's still a ZIP/RAR file? I tried to scan my PC for a Fade.exe or Init.exe and the only ones with those names I found are a few init files in games like Legend of Korra, DMC4, Resident Evil Revelations, RE6, Bully... but those were all like init.arc or init.bnk... no init.exe. The only "fade" files I found are some fade.nft in Bully... that's it. No Fade.exe. I scanned my downloads folder with both Avira antivirus and it said it's clean, and I'm currently scanning it with SUPERAntiSpyware and Malwarebytes. There's also no fade or init in my temp folder. I really want to know if there's a chance I get the virus without extracting it out of the ZIP/RAR file, so I can go and change all my passwords."

If you did not unrar it or not launch GTA 5 you should be ok, since it injected the viruses and malware / key loggers when you launched GTA 5. Change your passwords and run a few scans with Malwarebytes, an anti virus program, and try TDSSKiller, it scans for rootkits. If you want even more, try programs like AdwCleaner, HitmanPro, RKill and RogueKiller, they are some of the best. I have them all installed. Also when you launch after the scan it might ask for an email, just put in your email and ignore the email if you do not offers for the program.

Go to "http://www.bleepingcomputer.com/download/windows/" and look at the most downloaded on the left, as most downloaded / recommended programs that I have mentioned are there. Hope this helps

P.S. I do not know why the text went white, just click and highlight it, you will see the text (it tells you what programs people recommend)

Edited May 17, 2015 by TheMuffinManOP

bocodamondo Posted May 17, 2015

Alright, I scanned my PC with Malwarebytes too and it said it's clean from any init or fade exe.

handoverfist Posted May 17, 2015

The value in the registry made the virus start up again at each boot. Better check your temp folders and quarantine to be safe.

Which file? Also if it re-downloaded that means you didn't clean it out well enough.

MarshallRawR Posted May 17, 2015

Which file? Also if it re-downloaded that means you didn't clean it out well enough.

That was set to Fade.exe. Even if the registry was not infected, the initial run of Fade.exe might have happened.

Hello there I was wondering if someone could help me. Can you test and see if this link is safe to download? Are there any viruses, malware or anything bad in there? Thanks

This is a hack for GTA Online which is not allowed here. Reported to remove the link, be careful next time or you might get a sanction from mods. Also, it'll get you banned anyway.

Edited May 17, 2015 by MarshallRawR

T34B4G Posted May 17, 2015

This is a hack for GTA Online which is not allowed here. Reported to remove the link, be careful next time or you might get a sanction from mods. Also, it'll get you banned anyway.

sh*t sorry I didn't realize

TheMuffinManOP Posted May 17, 2015

For some random reason silent wants me to post here. So no one will see this post but I will do as he said (post): hey guys, I removed everything such as shell in the regedit and all the files and stuff. I went as far as to reinstall GTA 5 but I found a shell folder in regedit and deleted it. I also found a file called "*" (yes a *) but I think I went too far, as after doing some research this was added by Windows. I have backups and restore points so it is nothing huge, and I really want to reinstall Windows but I really do not want to start again after having this PC like 10 months of having it, but I am only 50 % sure I am safe. I have changed most important passwords such as YouTube, Twitch, Facebook, PayPal and Rockstar, Steam and the rest, but I reinstalled GTA 5 and it launched in windowed mode which was strange. I wish I checked my processes but I can't remember doing so, but the fade folder in regedit so I deleted it again and rebooted 2 times and it has not returned. For the people saying about the "leep" and "fade" in the regedit: I only installed the noclip mod and it seems the files were added on the same date as everyone else, "5/5/2015", on the 5 of May, which seems weird, and I only had fade and no leep, which people said "leep" was part of the noclip mod. Let me know where to look for this "leep" sh*t too please, thanks

Extra stuff: the real kicker is that I wanted to start GTA modding in GTA 5 and I started, then I heard the news about all this f*ckery with the malware. This really will hit the community hard since I am not even going to download a mod until it has been like 110 % confirmed to be real by tons of people and YouTubers as such. Rockstar should touch on it; even though they do not really approve for modding in GTA 5 it should be talked about. Won't be surprised if Rockstar said "I told you so". I still think there is that 1 person out there that has not heard the news, and I have been in contact with Malwarebytes since it did not detect it. I just hope this comes to light even more than it has.

G0nx4 Posted May 18, 2015

For some random reason silent wants me to post here. So no one will see this post but I will do as he said (post): hey guys, I removed everything such as shell in the regedit and all the files and stuff. I went as far as to reinstall GTA 5 but I found a shell folder in regedit and deleted it. I also found a file called "*" (yes a *) but I think I went too far, as after doing some research this was added by Windows. I have backups and restore points so it is nothing huge, and I really want to reinstall Windows but I really do not want to start again after having this PC like 10 months of having it, but I am only 50 % sure I am safe. I have changed most important passwords such as YouTube, Twitch, Facebook, PayPal and Rockstar, Steam and the rest, but I reinstalled GTA 5 and it launched in windowed mode which was strange. I wish I checked my processes but I can't remember doing so, but the fade folder in regedit so I deleted it again and rebooted 2 times and it has not returned. For the people saying about the "leep" and "fade" in the regedit: I only installed the noclip mod and it seems the files were added on the same date as everyone else, "5/5/2015", on the 5 of May, which seems weird, and I only had fade and no leep, which people said "leep" was part of the noclip mod. Let me know where to look for this "leep" sh*t too please, thanks

Extra stuff: the real kicker is that I wanted to start GTA modding in GTA 5 and I started, then I heard the news about all this f*ckery with the malware. This really will hit the community hard since I am not even going to download a mod until it has been like 110 % confirmed to be real by tons of people and YouTubers as such. Rockstar should touch on it; even though they do not really approve for modding in GTA 5 it should be talked about. Won't be surprised if Rockstar said "I told you so". I still think there is that 1 person out there that has not heard the news, and I have been in contact with Malwarebytes since it did not detect it. I just hope this comes to light even more than it has.

As I know there were different noclip mods, so it should be that some mods had leep and others had fade. In my case I just got fade from noclip mod.

ffzero58 Posted May 18, 2015

If folks are still worried about what is lurking in your autorun, download this Sysinternals tool: https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx It will enumerate all of the items that will start with Windows. Process Explorer and TCPView are also good tools to see if there is still suspicious activity going on.

FlyingAce Posted May 18, 2015

If folks are still worried about what is lurking in your autorun, download this Sysinternals tool: https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx It will enumerate all of the items that will start with Windows. Process Explorer and TCPView are also good tools to see if there is still suspicious activity going on.

What do red and yellow highlights mean?

ffzero58 Posted May 18, 2015

If folks are still worried about what is lurking in your autorun, download this Sysinternals tool: https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx It will enumerate all of the items that will start with Windows. Process Explorer and TCPView are also good tools to see if there is still suspicious activity going on.

What do red and yellow highlights mean?

Red: unsigned image (not signed by any recognized authority - if any)
Yellow: missing image (the file the entry is pointing to is missing from the filesystem)

Edited May 18, 2015 by ffzero58

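The two conditions ffzero58 describes (missing image, unsigned image) can also be checked from a PowerShell prompt. This is an added example, not part of the thread or any poster's code: it reads the standard Run/RunOnce keys, which is an assumption because the thread never names the key the malware used, and `Get-CommandImagePath` is a hypothetical helper name.

```powershell
# Added example: read-only review of Run/RunOnce autostart entries.
# The key list is an assumption; the thread does not say which key was used.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$tempRoots = @($env:TEMP, (Join-Path $env:SystemRoot 'Temp')) | Where-Object { $_ }

# Hypothetical helper: pull the executable path out of a Run-key command line.
function Get-CommandImagePath {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if (-not $expanded) { return $null }
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }   # "C:\path\app.exe" /args
    # Unquoted paths may contain spaces: grow the candidate until a file matches.
    $parts = @($expanded -split ' ')
    for ($i = 0; $i -lt $parts.Count; $i++) {
        $candidate = $parts[0..$i] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf -ErrorAction SilentlyContinue) {
            return $candidate
        }
    }
    # Bare names such as "rundll32.exe" are resolved through PATH.
    $onPath = Get-Command -Name $parts[0] -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($onPath) { return $onPath.Path }
    return $parts[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $image   = Get-CommandImagePath -Command $command
        if (-not $image) { continue }
        $exists  = Test-Path -LiteralPath $image -PathType Leaf -ErrorAction SilentlyContinue
        $sig     = if ($exists) {
            [string](Get-AuthenticodeSignature -LiteralPath $image).Status
        } else { 'n/a' }
        $inTemp  = [bool]($tempRoots | Where-Object {
            $image.StartsWith(($_ + '\'), [StringComparison]::OrdinalIgnoreCase)
        })
        $flags = @()
        if (-not $exists) {
            $flags += 'MissingImage'        # the "yellow" case from the post above
        } elseif ($sig -ne 'Valid') {
            $flags += 'NotValidlySigned'    # the "red" case from the post above
        }
        if ($inTemp) { $flags += 'UnderTemp' }  # autostart target inside a Temp folder
        [pscustomobject]@{
            Key = $key; Name = $name; Image = $image
            Signature = $sig; Flags = $flags -join ','
        }
    }
}
$report | Sort-Object Flags -Descending | Format-Table -AutoSize -Wrap
```

The script only reads the registry and file signatures. On older PowerShell versions catalog-signed Windows files may show as NotSigned, so a flag is a reason to look closer at the entry, not a verdict.
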
TheMuffinManOP Posted May 18, 2015

For some random reason silent wants me to post here. So no one will see this post but I will do as he said (post): hey guys, I removed everything such as shell in the regedit and all the files and stuff. I went as far as to reinstall GTA 5 but I found a shell folder in regedit and deleted it. I also found a file called "*" (yes a *) but I think I went too far, as after doing some research this was added by Windows. I have backups and restore points so it is nothing huge, and I really want to reinstall Windows but I really do not want to start again after having this PC like 10 months of having it, but I am only 50 % sure I am safe. I have changed most important passwords such as YouTube, Twitch, Facebook, PayPal and Rockstar, Steam and the rest, but I reinstalled GTA 5 and it launched in windowed mode which was strange. I wish I checked my processes but I can't remember doing so, but the fade folder in regedit so I deleted it again and rebooted 2 times and it has not returned. For the people saying about the "leep" and "fade" in the regedit: I only installed the noclip mod and it seems the files were added on the same date as everyone else, "5/5/2015", on the 5 of May, which seems weird, and I only had fade and no leep, which people said "leep" was part of the noclip mod. Let me know where to look for this "leep" sh*t too please, thanks

Extra stuff: the real kicker is that I wanted to start GTA modding in GTA 5 and I started, then I heard the news about all this f*ckery with the malware. This really will hit the community hard since I am not even going to download a mod until it has been like 110 % confirmed to be real by tons of people and YouTubers as such. Rockstar should touch on it; even though they do not really approve for modding in GTA 5 it should be talked about. Won't be surprised if Rockstar said "I told you so". I still think there is that 1 person out there that has not heard the news, and I have been in contact with Malwarebytes since it did not detect it. I just hope this comes to light even more than it has.

As I know there were different noclip mods, so it should be that some mods had leep and others had fade. In my case I just got fade from noclip mod.

Well I just had fade too, man that sucks. I didn't even use noclip, only the occasional looking behind a wall for like an easter egg, oh well, thanks for the reply

Alright, I scanned my PC with Malwarebytes too and it said it's clean from any init or fade exe.

I recommend more programs since Malwarebytes didn't detect it. All it did is detected a "hijack.shallA.gen" and another one. I knew about this before this thing even happened, I even uninstalled GTA 5 before this happened because I knew it was GTA 5 doing it, since every time I run it it would be detected by Malwarebytes but it did not completely remove it. PLEASE go through the step by step removal guide in this main post and go here: http://www.reddit.com/r/techsupport/comments/33evdi/suggested_reading_official_malware_removal_guide/ to remove ALL malware from your PC. thanks

TheMuffinManOP Posted May 18, 2015

FOR ANYONE ASKING FOR MORE HELP ON REMOVING MALWARE (sorry for caps) go here, it is an official Reddit post on how to remove malware: http://www.reddit.com/r/techsupport/comments/33evdi/suggested_reading_official_malware_removal_guide/ hope this helps

Microbots Posted May 18, 2015

So I'm going through the basics of IDA and the relevant tutorials on YouTube. In one of them, it says that you can see the imports and what they use, like networking. Now I have no idea what ASI files need or how they work when they download viruses. But did Angry Planes mod need that import and would it show up on IDA?

Prolifikk Posted May 18, 2015

Did it affect Windows 8.1 users? I can't find any of the exe files. But I did find one .z file in temp that appeared to be unnamed and had a WinRAR icon.

MarshallRawR Posted May 18, 2015

Did it affect Windows 8.1 users? I can't find any of the exe files. But I did find one .z file in temp that appeared to be unnamed and had a WinRAR icon.

Of course it affected 8.1 users, pretty much any PC running GTAV with the mod. Look at your antivirus's quarantine, it might be there already. Also, check the registry. Good luck, pal.

Eagle1001 Posted May 18, 2015

Is it possible it stole files and is it possible it copied to other hard drives and infected those .exe files?

ffzero58 Posted May 18, 2015

Is it possible it stole files and is it possible it copied to other hard drives and infected those .exe files?

Yes. The virus stole session/saved passwords of social media sites, Steam, etc... It also logged your keystrokes and did all sorts of debauchery on your system. As for your latter question, it does not look like that is the case. Even so, look through your autoruns to see if you have any suspicious entries.

EddieThePro Posted May 18, 2015

So after everything with the viruses, can someone scan the "Ped Riot/Chaos Mode" mod? Link: https://www.gta5-mods.com/scripts/ped-riot-chaos-mode If someone wants this removed, I'll remove it instantly

Edited May 18, 2015 by EddieThePro